Jailbreak Attack Claims More Than 225,000 Apple Logins

[DroidModderX]

​

Alright Apple fan boys its your turn now. Apple fans were laughing hard at the stagefright vulnerability a few weeks ago. Now it seems that over 225,000 Apple Logins have been compromised. It can be argued that this attack is more severe since the apple logins were actually taken. Virtually no one was ever affected by the stagefright vulnerability.

The only real difference here is that the Stagefright vuln existed on rooted and non rooted phones alike. This Jailbreak attack only affects those users that decided to jailbreak their phones outside of Apple's guidance. Apple login credentials were stolen via malware distributed through Cydia. The malware referred to as "Keyraider" was being distributed only in Weiphone's Cydia repositories. Types of data that were compromised include login credentials, purchasing receipts, device ID's and other data. Data was transmitted without the users knowledge.

Via Thenextweb

 

[pc747]

​

Alright Apple fan boys its your turn now. Apple fans were laughing hard at the stagefright vulnerability a few weeks ago. Now it seems that over 225,000 Apple Logins have been compromised. It can be argued that this attack is more severe since the apple logins were actually taken. Virtually no one was ever affected by the stagefright vulnerability.

The only real difference here is that the Stagefright vuln existed on rooted and non rooted phones alike. This Jailbreak attack only affects those users that decided to jailbreak their phones outside of Apple's guidance. Apple login credentials were stolen via malware distributed through Cydia. The malware referred to as "Keyraider" was being distributed only in Weiphone's Cydia repositories. Types of data that were compromised include login credentials, purchasing receipts, device ID's and other data. Data was transmitted without the users knowledge.

Via Thenextweb

Maybe I am being paranoid but part of me feel like this was an Apple insider looking to go after jailbreakers.

Either way since Apple took a strong stance against jailbreaking from the beginning they hold no liability and do not have to worry about patching anything.

It sucks that people do these things but the reality is that cellphone are the new target point for no-gooders.

 

[Efin]

They'd make good target practice though... (the bad guys...)

Good thing I've never considered Jailbreakin my iPhone..., I mean my wife's iPhone

 

[Jonny Kansas]

These are the risks you run when you play with unauthorized/unapproved software. I'd be mad if rooting a device lead to my info being stolen, but at the same time, when you open yourself wide up to the potential for malware, you've really only got yourself to blame. These repositories for jailbreak apps that aren't vetted by Apple first are the perfect place to launch an attack like this. Not that malware can't get into official app stores, but there's definitely a higher risk when it comes to stuff like this.

 

[Ollie]

Maybe I am being paranoid but part of me feel like this was an Apple insider looking to go after jailbreakers.

Either way since Apple took a strong stance against jailbreaking from the beginning they hold no liability and do not have to worry about patching anything.

It sucks that people do these things but the reality is that cellphone are the new target point for no-gooders.

This is probably the largest Chinese repository for Cydia. I don't think Apple would do such a thing. All Apple has to do is wait for the jailbreak exploit to be released to the masses and then plug it in their next OS release. Those happen so frequently that a jailbreak doesn't stay out in the wild for too long.

 

[kodiak799]

These are the risks you run when you play with unauthorized/unapproved software.

I accept and can manage that risk (just one reason why I do nothing sensitive on my phone). Unfortunately, this just "validates" Google and carrier positions to block root.

 

[MissionImprobable]

Malware can end up on your PC simply by visiting certain sites; does that in itself 'validate' VZ's and some net provider's claims that they should be able to control where users go on the web? I know that your use of quotes implies just how shoddy their argument is, but I still find it sad that they even try and use that as a line of reasoning.